
Slashback: Exactitude, Fortitude, Picnic 149
You mean we have to reprint all the invitations? Reader Ian Cowley wrote with a slight correction about the end of an era:
"Your article on slashdot.org about the billionth second of the epoch is sort of (but not entirely) flawed. Yes, UNIX systems will report 1000000000 seconds at 01:46:40 on 9th September. Which of course means the 1 billionth number will be 01:46:39.
But, these systems do not account for leap seconds. According to TAI (international atomic time), the 1 billionth second since the beginning of January 1st 1970 will occur at 01:46:17 on 9th September 2001, as 22 leap seconds have been inserted since 1970 (the first was 1972, the last 1999).
So celebrations of the 1000000000th second should be at 01:46:17, whilst 01:46:40 can be reserved for celebrating 1000000000 displayed on UNIX system clocks."
Errr ... thanks. We'll just have to start at "Unix Day, Observed."
What price the capture and humiliation of virus spreaders? JayHerrick writes: "We have posted a small bit of JSP that reports the number of times our server has been queried for a 'default.ida' page. It's stylish, it's cool, and it'll probably get Pepsi all mad at us because we ripped the Code Red logo off one of the bottles." Equally stylish, despite the name, is a small tool named codeRedNeck, described by reader mindriot thus: "As CodeRed probes port 80 of a machine, CodeRedNeck first answers on that port and then goes silent, thus forcing the worm to wait until the connection times out." He advises: "Read the original idea by Tom Liston. Heise also has more on this."
Even More Auspicious dates. No matter which date you choose to mark it, Linus' little kernel-that-could is about to mark its tenth birthday. ikluft writes:
"The "Linux10" Linux 10th anniversary picnic and BBQ will be held on Saturday, August 25 from 11AM to 6PM at Sunnyvale Baylands Park in Sunnyvale, California. Details and directions can be found at Linux10.org. If you can attend, please use the RSVP form so the organizers know how much food and soft drinks to provide (only provided if you RSVP.)
Linux10 is being organized as a family event -- bring the kids. In support of that goal, it is also a no-media event. Linux and Open Source enthusiasts who work for the media may attend and participate while off-duty.
Linux10 will gladly link to other Linux 10th anniversary events. Let us know the URLs for those events."
Reader big_drew adds: "The event is free (food, softdrinks, cds -- sorry, no free beer, but byo is ok)" and says "If you can't make it out to CA, you can still get the t-shirt (profits will be used to fund the picnic)."
Anyone want to organize a picnic in the vicinity of Knoxville, TN? :) I can bring some pasta salad and watermelon.
Ten candles all around here, too. Simon Spero writes: "As noted in http://www.w3.org/History.html, today, August 6th, is the 10th anniversary of the first public release of the CERN Web Software."
Washington DC Metro 10year party? (Score:1)
Knoxville picnic (Score:1)
Either case please feel free to call me (Jeb) at 368-5322, email at (jebc at c4solutions.net), or get more contact info at my company's website [c4solutions.net].
Always love to hear from some slashdotters in the area, and if you ever get bored (or for the picnic) we have a kegerator (sp?) at our office that we are always at downtown.
1E9 party in Denmark (Score:2)
according to this article [bbc.co.uk] on the BBC News [bbc.co.uk] web site.
Party! (Score:1, Funny)
Re:Party! (Score:1)
Shit, I'm drunk already.
Re:Party! (Score:1, Funny)
Re:01:46:40 on 9th September (Score:2, Informative)
If you have Perl on your system, this snippet will tell you exactly what time (localtime) the billionth second, according to Unix, will pass:
perl -e 'print scalar localtime(1000000000), "\n"'
I'm a little disappointed that the billionth second occurs the day after my 21st birthday. One day earlier would have been way cool...
Re:01:46:40 on 9th September (Score:2, Interesting)
As in Chicago.... (Score:2)
Does anybody really care?"
Re:01:46:40 on 9th September (Score:1)
Which means that for New Zealand the celebrations will begin hours before it does in the States.
Man, we're gonna be so drunk when you guys show up. We'll try to save you some Cheezles.
(You guys got Cheezles over there? Substitute whatever brand of cheese doodles makes you laugh the most)
Re:01:46:40 on 9th September (Score:1)
Re:Whats that mean for me? (Score:2, Interesting)
JSP Garbage (Score:3, Offtopic)
<p><b>This webserver has been attacked by CodeRed 2
<font color="#ff0000">
<? $cr=passthru("grep -c XXXXXXXX
echo $cr;
?>
</font> Times</b>
CC
Re:JSP Garbage (Score:1)
Re:JSP Garbage (Score:1)
I'm still ingesting the first caffeine for the day...
Re:JSP Garbage (Score:1)
Re:JSP Garbage (Score:5, Informative)
Multiply that by 1 request per second and you're toast. I'd suggest strongly that you use something else to generate your statistics OFFLINE, such as this excellent perl program [kryptolus.com] which also generates quite a nifty, sortable report!
To the author of that, by the way, a warm thank you! I'm using it myself!
Re:JSP Garbage (Score:2)
Re:JSP Garbage (Score:1)
Re:JSP Garbage (Score:2, Interesting)
Re:JSP Garbage (Score:4, Funny)
I'd second that -- I've now had almost 14000 attacks on my server in the last 7 days. Apart from blowing out all the logs, it has cost me about $40 in bandwidth as well. Where can I send the bill?
Send Bill Gates to that place...
I send you this bill... (Score:2, Funny)
I send you this bill in order to have your advice.
See you later. Thanks.
Re:I send you this bill... (Score:1)
THANKS for that, I needed a laugh tonight.
That one is the first in a (so far) three part "series", I've received tonight, how about you?
By the way...
Just WHAT is the payload of that loaded attachment anyhow? I just delete them, and move on.
Re:I send you this bill... (Score:1)
Sadly, nothing I've been sent by SirCam has been interesting.
Re:JSP Garbage (Score:1)
Of course, I do mine manually from my desk at work when I get bored
Re:JSP Garbage (Score:1)
Version 0.8 [kryptolus.com] is available which can now automatically detect and process gzipped logs
Re:JSP Garbage (Score:2)
Proposition 1:The number of times your web-server is attacked is a compositional function of the log entries.
What prop. 1 tells you is that you may directly apply the "divide and conquer" strategy to the problem, analysing parts of the log-file separately and composing the application of your counting function to each part by the binary operator "+".
This tells you, that once you have visited a part of the log-file, you will never have to visit that again, so maybe your program should look something like:
Of course, you need to look out for synchronization in this version of the program, but it won't grind your server to a halt when 3-4 people press the "Number of code-red worms deflected" link at the same time
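An added example (not the commenter's code, which is not on this page) of the incremental count described above: each call reads only the bytes appended since the previous call and adds the new hits to a stored total, holding a file lock so concurrent page views cannot double-count. It is written in Python; the function name, file names and state-file layout are assumptions, and the log lines are constructed samples.

```python
import fcntl
import json
import os
import tempfile

MARKER = b"default.ida"  # request path the worm probes for, per the article


def count_hits(log_path, state_path):
    """Return the running total of MARKER lines, scanning only new log bytes."""
    # "a+" creates the state file if missing (hypothetical layout: JSON with
    # inode, offset, total). The exclusive lock serialises concurrent callers.
    with open(state_path, "a+") as sf:
        fcntl.flock(sf, fcntl.LOCK_EX)
        sf.seek(0)
        raw = sf.read()
        state = json.loads(raw) if raw else {"inode": None, "offset": 0, "total": 0}
        st = os.stat(log_path)
        # Rotated or truncated log: restart at byte 0 but keep the total.
        if state["inode"] != st.st_ino or st.st_size < state["offset"]:
            state["inode"], state["offset"] = st.st_ino, 0
        with open(log_path, "rb") as lf:
            lf.seek(state["offset"])
            for line in lf:
                if not line.endswith(b"\n"):
                    break  # partial line still being written; pick it up next time
                if MARKER in line:
                    state["total"] += 1
                state["offset"] += len(line)
        sf.seek(0)
        sf.truncate()
        json.dump(state, sf)  # flushed on close, before the lock is released
        return state["total"]


def demo():
    """Exercise the counter on constructed log lines (not real traffic)."""
    hit = b'192.0.2.10 - - [06/Aug/2001:10:00:01 +0000] "GET /default.ida?XXXX HTTP/1.0" 404 205\n'
    ok = b'192.0.2.20 - - [06/Aug/2001:10:00:02 +0000] "GET /index.html HTTP/1.0" 200 512\n'
    d = tempfile.mkdtemp()
    log, state = os.path.join(d, "access_log"), os.path.join(d, "state.json")
    totals = []
    with open(log, "wb") as f:
        f.write(hit + ok + hit)
    totals.append(count_hits(log, state))  # first pass reads the whole file
    totals.append(count_hits(log, state))  # nothing new, nothing re-read
    with open(log, "ab") as f:
        f.write(hit + hit[:20])            # one full line plus a partial one
    totals.append(count_hits(log, state))
    with open(log, "ab") as f:
        f.write(hit[20:])                  # writer finishes the partial line
    totals.append(count_hits(log, state))
    with open(log, "wb") as f:
        f.write(hit)                       # log truncated to a smaller file
    totals.append(count_hits(log, state))
    return totals
```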
Re:JSP Garbage (Score:2, Interesting)
Re:JSP Garbage (Score:1)
Re:JSP Garbage (Score:1)
Much Easier... (Score:1)
That's how I do it [waldo.net], anyhow.
-Waldo
Re:Much Easier... (Score:3, Interesting)
With Roxen's cache [ofdoom.com] tag, I just threw <cache minutes=15> </cache> tags around the cpu intensive parts of mine [ofdoom.com] and let Roxen handle the rest.
I do have a cron job that parses the logs every 15 minutes, and updates the backend database. (I could have done that from the web page as well, but then my samples wouldn't be taken every 15 minutes).
Re:JSP Garbage (Score:1)
I have an improvement to the JSP code cited in the article. It uses a highly scalable thread scheduling algorithm and is 100% compatible with the J2EE specification.
Re:JSP Garbage (Score:1)
Re:JSP Garbage (Score:1)
Hack away at it...my log file is getting -big- (75MB), we've got 4 IP's here but only 650 attempts so far, and 200 from one machine alone.
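<html><body><pre>
<?php
// Count hits per source IP. Assumes CR2log holds one IP address per line.
$IPcnt = array();
$fil = fopen("CR2log", "r");
if ($fil === false) {
    die("cannot open CR2log");
}
while (($line = fgets($fil, 64)) !== false) {
    $IP = trim($line);              // drop the trailing newline
    if ($IP === "") {
        continue;                   // skip blank lines
    }
    $IPcnt[$IP] = isset($IPcnt[$IP]) ? $IPcnt[$IP] + 1 : 1;
}
fclose($fil);
arsort($IPcnt);                     // busiest sources first
foreach ($IPcnt as $key => $val) {
    // Escape the key: log content originates from remote hosts.
    print("($val)\t" . htmlspecialchars($key) . "\n");
}
?>
</pre></body></html>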
Free as in speech, not beer (Score:5, Funny)
Stopping Code Red II (Score:1, Interesting)
Does anyone think that sending a shutdown command to an attacking machine is unreasonable? Any ideas on how to do it (my NT command line knowledge is minimal).
There's "IISReset" (Score:1)
Word on the street has it that the first Code Red worm contained a buffer overflow of its own: querying a default.ida with an overflow string of 64K of garbage would crash it out. Doubt the newer varieties have the same problem, but then again, k1dd10t5 aren't known for their innovative coding style...
Linux Birthday Bash (Score:3, Insightful)
Having used so many flimsy excuses for a piss up, I think it would be a shame to let this one go.
Re:Linux Birthday Bash (Score:2, Informative)
Surely LUV would be willing to help, too...
Re:Linux Birthday Bash (Score:1)
Another bash ? (Score:2, Funny)
hmm.. (Score:1)
And they better have a lot of Soda, as most Linux geeks I know are wider than they are tall.
Set This Code Red List Up, Too (Score:2, Interesting)
Oh, yeah, I did it in PHP, of course.
-Waldo
Re:Set This Code Red List Up, Too (Score:1)
Don't you think it's irresponsible to list the IPs of owned hosts in public?
The kiddies will find them anyway, but there's no need to make it easy for them
BTW my CR2 stats page (written in perl, to feed the language flamefest) shows 980 code red II hits vs. 160 code red I hits.
The IP list is generated and stored more privately, looking for a good way to notify them...
Re:Set This Code Red List Up, Too (Score:1)
Not really. Not to say that I didn't put some thought into it -- I did. But anybody that has a machine connected to the Internet for any length of time (and I mean any, as some folks have found out) is going to get their own list quite rapidly. I'd considered how to best notify them, but I found that it was simply impossible to notify the majority of them. I live in a tight-knit tech community here in Charlottesville, Virginia, and I primarily hope that one of the many local folks that check in on my site regularly will recognize some of the IP addresses as their own or those of their associates. Idealistic? Perhaps. But what put me over the edge into deciding that is a reasonable action is that so many machines are infected at this point that I figure it's worth trying something. Every little bit helps.
-Waldo
That's amusing. (Score:1)
Exactitude, Fortitude, Picnic... (Score:4, Funny)
Or am I on drugs?
DUF - reverse FUD and beer for picnic (Score:1)
Phillip.
CR2 response (Score:2)
Re:CR2 response (Score:3, Insightful)
Suppose the infected system provided suicide-prevention access, or battered-women's services, and your code shut it down completely, and someone got hurt, or dead - your little hack could get you in a major civil or even criminal hole that you'd regret.
Think twice before messing with anyone else's server, especially through any automated script. But that said - if you could shut down the worm, patch the server, remove the backdoors, and post a message to
At minimum, you'd have to keep complete TCP/IP traffic logs for such interdictions for seven years or whatever the longest Federal, State, or Local statute of limitations requires. You'd also need to escrow these and all your code with your attorney immediately.
Code Red's mutating? (Score:1)
Holy crap. It's affecting *nixes now?
Come on. Your average NT admin won't bother looking at the webserver logs, much less the event logs: the fact that their web servers are completely owned by the worm yet they're not doing anything is proof enough of this. Maybe a post to the _desktop_ would get through, but not likely. Log the IP and the attack and contact their ISP.
That's all I've been doing. Anything more and you can look forward to explaining to a bunch of lawyers why you really weren't a Bad Guy.
Never forget that lawyers and plaintiffs have neither a sense of common decency nor common sense.
Re:CR2 response (Score:2)
Re:CR2 response (Score:4, Insightful)
Crack one IIS box, and you're a felon. Crack a million, and you're... some anonymous virus-writing guy that will never be brought to justice.
Re:CR2 response (Score:1)
Please explain, then think twice whether you've ever http:ed to an IP without asking permission beforehand ... umm ... come to think of it, I've never asked the Slashdot crew for permission to GET an index file here ...
Re:CR2 response (Score:1)
Re:CR2 response (Score:1)
Perhaps 'Good Samaritan' laws would come into effect here?
Re:CR2 response (Score:1)
(*lets that sink in*)
So that means if I had the money right now, I could hire 500 head of lawyer and, wielding my trusty apache logfiles, start 500 lawsuits against the people who, by means of gross administrative irresponsibility, have machines which are running automated scripts which are attempting to gain unauthorized access to my machine (and failing), and win each of those lawsuits because doing so is a felony?
That would be sweet justice. However, I don't think the case would hold up, regardless of who sued who.
Re:CR2 response (Score:2)
One lawyer would do. And it might be interesting to try this. They did, after all, attack your system. Call it a reverse class-action.
Re:CR2 response (Score:1)
Jaysyn
Re:CR2 response (Score:1)
Visualizing a billion units of time... (Score:5, Interesting)
Did I get my math right?
About a billion seconds ago, the first man walked on the moon. (~31 years)
About a billion minutes ago, the first man was said to have walked on water. (~1860 years, sorta close to the 0 CE mark)
About a billion hours ago, the first man walked through what we now call Europe. (~111600 years, homo sapiens in upper pleistocene)
About a billion days ago, the first man walks. (over 2.6 million years, a bit before the oldest known homo habilis)
About a billion years ago, the first multicelled animals form. (eukaryotes supplant prokaryotes)
About a billion decades ago, the Milky Way galaxy began to form.
Visualize a billion (Score:1)
Re:Visualizing a billion units of time... (Score:4, Funny)
Re:Visualizing a billion units of time... (Score:4, Funny)
And about a billion clock cycles ago, I was typing the word "typing."
Billionth second of epoch (Score:1)
The way I see it, the milestone being celebrated is that the epoch is rolling over to 1000000000, not that it's been 1000000000 seconds since the epoch started. If we were celebrating the latter then Ian would have a good point and we'd all have to modify our alarms accordingly. But I think the rollover point is a more significant milestone than the true count of seconds.
All this really means though is that we have two celebrations within 22 seconds of each other. I certainly don't have a problem with that ;-)
Stats (Score:1)
Am I the only one? (Score:1)
Am I the only one that thinks that timothy's writing is incomprehensible? I don't know what it is, but I have read every slashback post about 3 times just to figure out what he is trying to say. Just wanted to know if I am alone.....
Re:Am I the only one? (Score:1)
Yes, you are. It's a big cold dark lonely universe out there. :)
can we make money off this? (Score:1)
-db
call me relieved... (Score:1)
Your article on slashdot.org about the billionth second of the epoch is sort of (but not entirely) flawed.
I was the slashdotter who submitted the original article [slashdot.org]. And just for the record, I never said anything about a billion seconds from 1970-01-01, I just pointed out that "soon the magic numbers will say all 9s".
At the time, I felt like a complete dork for even noticing the proximity of UNIX timestamp "987654321", but I felt like it'd be wrong of me not to share, so I did, and threw in the bit about UNIX timestamp "999999999" just for kicks. It was only the second story I'd ever submitted to /., and the only one to get accepted (the first was announcing the release of Mozilla M16, but I'd jumped the gun).
Now that I know that there's someone out there who cares enough to correct my back-of-an-envelope calculations by bringing in leap seconds makes me feel like less of a dork.
(By the way, my title as submitted was "descending unix timestamp"; it was Timothy who changed the title to "The Quickly Descending Unix Timestamp", which wrongly implies that the timestamp's value is getting smaller over time, IMHO.)
Anyway, maybe now that I can prove I'm not the biggest nerd out there I'll start getting dates again....
sorry about the wrong implication ;) (Score:1)
Descending! Descending! I guess not everyone pictures that exactly the same way
Mea culpa, mea maxima culpa. Rapidly *increasing* seemed wrong when about to hit so many zeros
cheers,
timothy
p.s. Happy teaching / new home.
Re:sorry about the wrong implication ;) (Score:1)
now I understand (Score:1)
Descending! Descending! I guess not everyone pictures that exactly the same way ;)
When I said descending I was thinking as in: "sort the following nine digits in descending order."
But then many /.ers apparently took it to mean "getting smaller over time." Although the more accurate word for that would have been "decreasing" or maybe "diminishing".
Let's have fun with definitions straight outta my brain!
Anyway, I didn't mean to nitpick about the title. I just thought it was ironic that some folk complained about the title when it hadn't been mine.
Confusion between submitter and editor ... (Score:1)
Unless we've messed up the formatting for a particular story, though, reader-submitted text is always quoted and italic (except, say, for features
To be clear -- that "descending" title was my fault, and you can point anyone who complains to you about it to this comment
timothy
How Code Red uses sockets... (Score:5, Informative)
Umm, I hate to be the damper in evil plans for Code Red ...
Any servers which "wait" are just wasting their own processor and memory.
Scott.
Re:How Code Red uses sockets... (Score:1)
I doubt that CR will ever reach the OS-imposed limit, but IANAE.
CRIII spawns 300 threads. (Score:1)
Re:How Code Red uses sockets... (Score:1, Funny)
I knew we should've listened to Steve Gibson on the dangers of non-blocking sockets!
Anonymous cowards couldn't hit the broad side of a barn.
Re:How Code Red uses sockets... (Score:1)
Correct me if I'm wrong (and I know someone will) but, I think the only Code Red version that uses non-blocking sockets is the 'B' variant of version 2.
CodeRedNeck (Score:1)
The concept is simple. The attacker scans networks looking for a "live" connection. We give them that :-) and we use TCP/IP's stubbornness against them. When the scanner attempts to make a connection to a port with a SYN packet, we send them back a SYN/ACK and then simply ignore them. Because they've "completed" a three-way handshake, their TCP/IP stack assumes that they have a good connection and tenaciously attempts to hang onto it, retrying the connection until they finally time out.
I'm sure it'll be modified to work as an all-purpose portscan-blocker in no time flat.
Re:The Register---offtopic, I know, but ... (Score:1)
You spell his name correctly, then mess up the simplest word in the English language.
You amuse me.
Re:The Register---offtopic, I know, but ... (Score:1)
Gimp.
Re:The Register---offtopic, I know, but ... (Score:2)
Re:The Register---offtopic, I know, but ... (Score:2)
Re:The Register---offtopic, I know, but ... (Score:2)
Dave
Re:The Register---offtopic, I know, but ... (Score:2)
try tracerouting or pinging bloody anywhere
of course the F***ing morons have left port 80 open.............. in most places, maybe not for El Reg